Tags: security, windows-10, sftp, privacy, winscp

Is there any way for me to avoid uploading sensitive files in this situation?


I will soon launch a website. It will be entirely static on the webserver (just HTML files and SVGs and such), which are dynamically generated on my PC. They will be generated every fifteen minutes or so and then synced via SFTP to the webserver using WinSCP (because FileZilla doesn't support scripting/automation).

I use this WinSCP command:

synchronize remote "C:\sync dir" "/www_root"

According to the WinSCP manual, it means that it makes sure that the remote side is identical to the local side. That is, whatever files are in the local dir will end up in the remote (webserver) dir. I can't find any option to "always exclude JPGs" or anything like that.

My own control script, which runs the WinSCP sync command, calculates the hash for the local dir before it runs the WinSCP sync command. After it's run, it again calculates the hash and compares it with the first. If it's different, that means that something has changed in the dir between it starting to sync and finishing to sync. It notifies me if this happens, but of course, it's too late at that point.

Before my script runs the WinSCP sync command, a general check of the dir is performed, making sure that only the appropriate files are in it. For example, it stops everything and doesn't run the sync command if it detects a JPG file anywhere in it.

The problem is that it could be that I accidentally move or copy an image (or any kind of) file into the local dir when it has started to sync but isn't finished syncing yet. If that happens, which is quite possible if it has to do this process every 15 minutes all day long, every day, depending on how the WinSCP developers implemented that feature, my private file will end up on the webserver!

While it's unlikely that any visitor to my website will ever know, the webserver host might very well be logging and storing everything. And even if they don't, I just don't want this to ever happen. It makes my skin crawl thinking about it.

Of course, I won't have any "favorites" or other bookmarks to that upload dir in my File Explorer (which would make this issue much more likely to occur), but it's still possible that it could happen, and it makes me feel very paranoid.

I have many times in the past found mystery files (and shortcuts) in dirs which I don't remember putting there, but which end up being explained by me accidentally moving the mouse cursor while clicking or holding down the mouse button, etc. It actually does happen, and Windows normally doesn't ask you but just performs the file move/copy operation instantly and very subtly.

As far as I know, there is no (sane) way to enable some sort of "special treatment" per-directory, such as "make this specific dir read-only unless you send this password with it" or something. There's tons of weird stuff in Windows, but I hope to avoid setting all kinds of weird permissions and audit options, if it can be done in a saner way which I just haven't thought of.

Please note: No, I can't put the actual logic on the webserver. And I can't use a VM. And I can't use Docker. There are very important reasons for why I can't do these things. I need it to be done in this manner because of complicated reasons. It's got a lot to do with security. Yes, it is super ironic that I'm talking about security yet run Windows, etc. Not all Windows users are the same. My Windows doesn't in almost any way resemble Windows. I don't like Windows myself. It's a complicated world and in my situation, it has to be done like this.


Solution

  • WinSCP’s synchronize command has a flag to enforce a file mask, aptly named -filemask:

    -filemask=<mask>

    Sets file mask.

    WinSCP can help you build said mask with its built-in File Mask Dialog feature. Pass the result of this utility to your script to include and exclude files based on their type or other criteria from the synchronization.
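As an added example (not part of the question or the answer above), here is a PowerShell wrapper that applies the -filemask from the answer as an allow-list, so only the generated file types can ever be synchronized; the host name, user, WinSCP install path and host key fingerprint are placeholders to replace.

```powershell
# Added example: runs WinSCP's synchronize with an allow-list -filemask so that
# only generated HTML/SVG/CSS files are ever uploaded. A JPG dropped into the
# folder mid-run never matches the mask and is therefore never transferred.
# Placeholders (assumptions, not from the page): host, user, install path, host key.
$LocalDir  = 'C:\sync dir'                                   # from the question
$RemoteDir = '/www_root'                                     # from the question
$WinScpCom = 'C:\Program Files (x86)\WinSCP\WinSCP.com'      # placeholder install path
$HostKey   = 'ssh-ed25519 255 REPLACE_WITH_SERVER_FINGERPRINT' # placeholder: pin the server key
$LogPath   = Join-Path $env:TEMP 'winscp-sync.log'

# Allow-list: files must match one of these masks to be considered at all.
# Subdirectories are still traversed because the mask contains no directory mask.
$FileMask = '*.html; *.svg; *.css'

# WinSCP script; "option batch abort" makes any prompt (e.g. unknown host key) fail the run.
$Script = @"
option batch abort
option confirm off
open sftp://deploy@webserver.example/ -hostkey="$HostKey"
synchronize remote -filemask="$FileMask" "$LocalDir" "$RemoteDir"
exit
"@

$ScriptPath = Join-Path $env:TEMP 'winscp-sync.txt'
Set-Content -Path $ScriptPath -Value $Script -Encoding ASCII

# /ini=nul ignores stored session settings, so the pinned host key above is the
# only trust anchor; /log records exactly which files were transferred.
& $WinScpCom /ini=nul "/script=$ScriptPath" "/log=$LogPath"
$ExitCode = $LASTEXITCODE
Remove-Item $ScriptPath -ErrorAction SilentlyContinue

if ($ExitCode -ne 0) {
    Write-Error "WinSCP sync failed (exit code $ExitCode); see $LogPath"
    exit $ExitCode
}
```

After each run, the log can be checked for any transferred file name outside the allow-list, which complements the before/after hash check already in the control script.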